/* Hey Emacs use -*- mode: C -*- */
/*
 * Copyright (c) 2015-2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
option version = "1.0.0";

import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";

typedef ikev2_id
{
  u8 type;
  u8 data_len;
  string data[64];
};

typedef ikev2_ts
{
  u32 sa_index;
  u32 child_sa_index;

  bool is_local;
  u8 protocol_id;
  u16 start_port;
  u16 end_port;
  vl_api_address_t start_addr;
  vl_api_address_t end_addr;
};

typedef ikev2_auth
{
  u8 method;
  u8 hex;			/* hex encoding of the shared secret */
  u32 data_len;
  u8 data[data_len];
};

typedef ikev2_responder
{
  vl_api_interface_index_t sw_if_index;
  vl_api_address_t addr;
};

typedef ikev2_ike_transforms
{
  u8 crypto_alg;
  u32 crypto_key_size;
  u8 integ_alg;
  u8 dh_group;
};

typedef ikev2_esp_transforms
{
  u8 crypto_alg;
  u32 crypto_key_size;
  u8 integ_alg;
};

typedef ikev2_profile
{
  string name[64];
  vl_api_ikev2_id_t loc_id;
  vl_api_ikev2_id_t rem_id;
  vl_api_ikev2_ts_t loc_ts;
  vl_api_ikev2_ts_t rem_ts;
  vl_api_ikev2_responder_t responder;
  vl_api_ikev2_ike_transforms_t ike_ts;
  vl_api_ikev2_esp_transforms_t esp_ts;
  u64 lifetime;
  u64 lifetime_maxdata;
  u32 lifetime_jitter;
  u32 handover;
  u16 ipsec_over_udp_port;
  u32 tun_itf;
  bool udp_encap;
  bool natt_disabled;
  vl_api_ikev2_auth_t auth;
};

typedef ikev2_sa_transform
{
  u8 transform_type;
  u16 transform_id;
  u16 key_len;
  u16 key_trunc;
  u16 block_size;
  u8 dh_group;
};

typedef ikev2_keys
{
  u8 sk_d[64];
  u8 sk_d_len;
  u8 sk_ai[64];
  u8 sk_ai_len;
  u8 sk_ar[64];
  u8 sk_ar_len;
  u8 sk_ei[64];
  u8 sk_ei_len;
  u8 sk_er[64];
  u8 sk_er_len;
  u8 sk_pi[64];
  u8 sk_pi_len;
  u8 sk_pr[64];
  u8 sk_pr_len;
};

typedef ikev2_child_sa
{
  u32 sa_index;
  u32 child_sa_index;
  u32 i_spi;
  u32 r_spi;
  vl_api_ikev2_keys_t keys;
  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t esn;
};

typedef ikev2_child_sa_v2
{
  u32 sa_index;
  u32 child_sa_index;
  u32 i_spi;
  u32 r_spi;
  vl_api_ikev2_keys_t keys;
  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t esn;
  f64 uptime;
};

typedef ikev2_sa_stats
{
  u16 n_keepalives;
  u16 n_rekey_req;
  u16 n_sa_init_req;
  u16 n_sa_auth_req;
  u16 n_retransmit;
  u16 n_init_sa_retransmit;
};

enum ikev2_state
{
  UNKNOWN,
  SA_INIT,
  DELETED,
  AUTH_FAILED,
  AUTHENTICATED,
  NOTIFY_AND_DELETE,
  TS_UNACCEPTABLE,
  NO_PROPOSAL_CHOSEN,
};

typedef ikev2_sa
{
  u32 sa_index;
  u32 profile_index;

  u64 ispi;
  u64 rspi;
  vl_api_address_t iaddr;
  vl_api_address_t raddr;

  vl_api_ikev2_keys_t keys;

  /* ID */
  vl_api_ikev2_id_t i_id;
  vl_api_ikev2_id_t r_id;

  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t prf;
  vl_api_ikev2_sa_transform_t dh;

  vl_api_ikev2_sa_stats_t stats;
};

typedef ikev2_sa_v2
{
  u32 sa_index;
  string profile_name[64];
  vl_api_ikev2_state_t state;

  u64 ispi;
  u64 rspi;
  vl_api_address_t iaddr;
  vl_api_address_t raddr;

  vl_api_ikev2_keys_t keys;

  /* ID */
  vl_api_ikev2_id_t i_id;
  vl_api_ikev2_id_t r_id;

  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t prf;
  vl_api_ikev2_sa_transform_t dh;

  vl_api_ikev2_sa_stats_t stats;
};

typedef ikev2_sa_v3
{
  u32 sa_index;
  string profile_name[64];
  vl_api_ikev2_state_t state;

  u64 ispi;
  u64 rspi;
  vl_api_address_t iaddr;
  vl_api_address_t raddr;

  vl_api_ikev2_keys_t keys;

  /* ID */
  vl_api_ikev2_id_t i_id;
  vl_api_ikev2_id_t r_id;

  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t prf;
  vl_api_ikev2_sa_transform_t dh;

  vl_api_ikev2_sa_stats_t stats;
  f64 uptime;
};